- Setup Keycloak in non-HA mode (replica 1)
- Disable UserFederation
- You might have to increase the resource limits to avoid the pod being killed by memory or CPU limits
See Keycloak Documentation for more details.
Trigger export (called from pod keycloak-0):
kubectl exec -it keycloak-0 bash
/opt/jboss/keycloak/bin/standalone.sh -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/opt/jboss/keycloak-export -Dkeycloak.migration.usersExportStrategy=DIFFERENT_FILES -Dkeycloak.migration.usersPerFile=100 -Djboss.http.port=8888 -Djboss.https.port=9999 -Djboss.management.http.port=7777 -Djboss.management.https.port=7776
After a successful export, Keycloak finishes startup.
WFLYSRV0025: Keycloak 4.5.0.Final (WildFly Core 5.0.0.Final) started in 86826ms
Shutdown by pressing Ctrl+C
Copy files (on local machine):
mkdir kc-export
cd kc-export
kubectl cp keycloak-0:/opt/jboss/keycloak-export .
See: https://stackoverflow.com/a/47198081/7290164
Copy files from local machine to pod:
cd kc-export
kubectl cp . keycloak-0:/opt/jboss/keycloak-export
Connect to pod and trigger import for a specific realm:
kubectl exec -it keycloak-0 bash
/opt/jboss/keycloak/bin/standalone.sh -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/opt/jboss/keycloak-export -Dkeycloak.migration.usersExportStrategy=DIFFERENT_FILES -Dkeycloak.migration.usersPerFile=100 -Djboss.http.port=8888 -Djboss.https.port=9999 -Djboss.management.http.port=7777 -Djboss.management.https.port=7776 -Dkeycloak.migration.realmName=<my-realm-name>
After a successful import, Keycloak finishes startup.
WFLYSRV0025: Keycloak 4.5.0.Final (WildFly Core 5.0.0.Final) started in 86826ms
Shutdown by pressing Ctrl+C
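The kc-export directory copied to the local machine can carry client secrets and password hashes, so it is worth checking what it holds before storing or moving it. The script below is an added example, not part of the original instructions: it walks the exported JSON files and counts fields whose names suggest secret material. The key names in SENSITIVE_KEYS, the file names and the sample data are assumptions constructed for illustration; point inventory() at your own kc-export directory.

```python
import json
import os
import tempfile
from collections import Counter

# Assumption: key names treated as secret material; extend for your realm.
SENSITIVE_KEYS = {"secret", "clientSecret", "privateKey", "bindCredential",
                  "hashedSaltedValue", "salt"}

def walk(node, path, hits):
    """Record the JSON path of every non-empty sensitive field under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in SENSITIVE_KEYS and value not in (None, "", [], {}):
                hits.append(f"{path}.{key}")
            else:
                walk(value, f"{path}.{key}", hits)
    elif isinstance(node, list):
        for item in node:
            walk(item, path + "[]", hits)

def inventory(export_dir):
    """Return {file name: Counter(JSON path -> occurrences)} for *.json files."""
    report = {}
    for name in sorted(os.listdir(export_dir)):
        if name.endswith(".json"):
            with open(os.path.join(export_dir, name), encoding="utf-8") as fh:
                hits = []
                walk(json.load(fh), "$", hits)
            report[name] = Counter(hits)
    return report

def write_sample(export_dir):
    """Write two constructed files shaped like a directory export (not real data)."""
    realm = {"realm": "demo", "clients": [
        {"clientId": "app", "secret": "CONSTRUCTED-SECRET"},
        {"clientId": "public-spa", "publicClient": True}]}
    users = {"realm": "demo", "users": [
        {"username": u, "credentials": [{"type": "password",
         "hashedSaltedValue": "CONSTRUCTED-HASH", "salt": "CONSTRUCTED-SALT"}]}
        for u in ("alice", "bob")]}
    for name, doc in (("demo-realm.json", realm), ("demo-users-0.json", users)):
        with open(os.path.join(export_dir, name), "w", encoding="utf-8") as fh:
            json.dump(doc, fh)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        for name, counts in inventory(tmp).items():
            for path, n in sorted(counts.items()):
                print(f"{name}: {path} x{n}")
```

Any file with a non-empty report should be handled like a credential store: restrict access to the directory and delete the local copy once the import has finished.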
I’m sure that’s a deliberate security measure. It may be accessible through the UI or another CLI approach, but it’s likely possible to configure that in the new step (wherever it’s being imported) manually.